This forum is now a read-only archive. All commenting, posting, registration services have been turned off. Those needing community support and/or wanting to ask questions should refer to the Tag/Forum map, and to http://spring.io/questions for a curated list of stackoverflow tags that Pivotal engineers, and the community, monitor.

Mulitple Roles Required for one page

Aug 11th, 2008, 03:57 PM

Hello,

I'm attempting to build a tools app that will depend on more than one role type for access. I've read through the reference guide and gone through the sample projects, but I'm still not sure how to do this.

I want to have one criteria which is based on access level (ie: Admin, Editor, User) and another criteria based part of the site (ie: Baseball, Football, Basketball). For example, I might have a user with the following info:

username: mike
access level: editor
access areas: football

I want mike to have access to any part of the site that qualifies on both permissions for, such as the following path

/football/editor/*

but be denied access from all other areas, such as:

/baseball/user/*
/basketball/user/*
/football/admin/*

I'd rather not have to define a different role for each part of the site + access level (there are more than 3 of each, that's just an example and it would end up being hundreds of different roles).

Is there a way that exists to do this just through configuration? Do I need to develop a custom SpringSecurityFilter for this? If so, is there a good resource about how to do this?